1/**
2 * This file has no copyright assigned and is placed in the Public Domain.
3 * This file is part of the mingw-w64 runtime package.
4 * No warranty is given; refer to the file DISCLAIMER.PD within this package.
5 */
6#ifndef __SCHANNEL_H__
7#define __SCHANNEL_H__
8
9#include <_mingw_unicode.h>
10#include <wincrypt.h>
11
12#define UNISP_NAME_A "Microsoft Unified Security Protocol Provider"
13#define UNISP_NAME_W L"Microsoft Unified Security Protocol Provider"
14
15#define SSL2SP_NAME_A "Microsoft SSL 2.0"
16#define SSL2SP_NAME_W L"Microsoft SSL 2.0"
17
18#define SSL3SP_NAME_A "Microsoft SSL 3.0"
19#define SSL3SP_NAME_W L"Microsoft SSL 3.0"
20
21#define TLS1SP_NAME_A "Microsoft TLS 1.0"
22#define TLS1SP_NAME_W L"Microsoft TLS 1.0"
23
24#define PCT1SP_NAME_A "Microsoft PCT 1.0"
25#define PCT1SP_NAME_W L"Microsoft PCT 1.0"
26
27#define SCHANNEL_NAME_A "Schannel"
28#define SCHANNEL_NAME_W L"Schannel"
29
30#define UNISP_NAME __MINGW_NAME_UAW(UNISP_NAME)
31#define PCT1SP_NAME __MINGW_NAME_UAW(PCT1SP_NAME)
32#define SSL2SP_NAME __MINGW_NAME_UAW(SSL2SP_NAME)
33#define SSL3SP_NAME __MINGW_NAME_UAW(SSL3SP_NAME)
34#define TLS1SP_NAME __MINGW_NAME_UAW(TLS1SP_NAME)
35#define SCHANNEL_NAME __MINGW_NAME_UAW(SCHANNEL_NAME)
36
37#define UNISP_RPC_ID 14
38
39#define SECPKG_ATTR_ISSUER_LIST 0x50
40#define SECPKG_ATTR_REMOTE_CRED 0x51
41#define SECPKG_ATTR_LOCAL_CRED 0x52
42#define SECPKG_ATTR_REMOTE_CERT_CONTEXT 0x53
43#define SECPKG_ATTR_LOCAL_CERT_CONTEXT 0x54
44#define SECPKG_ATTR_ROOT_STORE 0x55
45#define SECPKG_ATTR_SUPPORTED_ALGS 0x56
46#define SECPKG_ATTR_CIPHER_STRENGTHS 0x57
47#define SECPKG_ATTR_SUPPORTED_PROTOCOLS 0x58
48#define SECPKG_ATTR_ISSUER_LIST_EX 0x59
49#define SECPKG_ATTR_CONNECTION_INFO 0x5a
50#define SECPKG_ATTR_EAP_KEY_BLOCK 0x5b
51#define SECPKG_ATTR_MAPPED_CRED_ATTR 0x5c
52#define SECPKG_ATTR_SESSION_INFO 0x5d
53#define SECPKG_ATTR_APP_DATA 0x5e
54
55typedef struct _SecPkgContext_IssuerListInfo {
56  DWORD cbIssuerList;
57  PBYTE pIssuerList;
58} SecPkgContext_IssuerListInfo,*PSecPkgContext_IssuerListInfo;
59
60typedef struct _SecPkgContext_RemoteCredentialInfo {
61  DWORD cbCertificateChain;
62  PBYTE pbCertificateChain;
63  DWORD cCertificates;
64  DWORD fFlags;
65  DWORD dwBits;
66} SecPkgContext_RemoteCredentialInfo,*PSecPkgContext_RemoteCredentialInfo;
67
68typedef SecPkgContext_RemoteCredentialInfo SecPkgContext_RemoteCredenitalInfo,*PSecPkgContext_RemoteCredenitalInfo;
69
70#define RCRED_STATUS_NOCRED 0x00000000
71#define RCRED_CRED_EXISTS 0x00000001
72#define RCRED_STATUS_UNKNOWN_ISSUER 0x00000002
73
74typedef struct _SecPkgContext_LocalCredentialInfo {
75  DWORD cbCertificateChain;
76  PBYTE pbCertificateChain;
77  DWORD cCertificates;
78  DWORD fFlags;
79  DWORD dwBits;
80} SecPkgContext_LocalCredentialInfo,*PSecPkgContext_LocalCredentialInfo;
81
82typedef SecPkgContext_LocalCredentialInfo SecPkgContext_LocalCredenitalInfo,*PSecPkgContext_LocalCredenitalInfo;
83
84#define LCRED_STATUS_NOCRED 0x00000000
85#define LCRED_CRED_EXISTS 0x00000001
86#define LCRED_STATUS_UNKNOWN_ISSUER 0x00000002
87
88typedef struct _SecPkgCred_SupportedAlgs {
89  DWORD cSupportedAlgs;
90  ALG_ID *palgSupportedAlgs;
91} SecPkgCred_SupportedAlgs,*PSecPkgCred_SupportedAlgs;
92
93typedef struct _SecPkgCred_CipherStrengths {
94  DWORD dwMinimumCipherStrength;
95  DWORD dwMaximumCipherStrength;
96} SecPkgCred_CipherStrengths,*PSecPkgCred_CipherStrengths;
97
98typedef struct _SecPkgCred_SupportedProtocols {
99  DWORD grbitProtocol;
100} SecPkgCred_SupportedProtocols,*PSecPkgCred_SupportedProtocols;
101
102typedef struct _SecPkgContext_IssuerListInfoEx {
103  PCERT_NAME_BLOB aIssuers;
104  DWORD cIssuers;
105} SecPkgContext_IssuerListInfoEx,*PSecPkgContext_IssuerListInfoEx;
106
107typedef struct _SecPkgContext_ConnectionInfo {
108  DWORD dwProtocol;
109  ALG_ID aiCipher;
110  DWORD dwCipherStrength;
111  ALG_ID aiHash;
112  DWORD dwHashStrength;
113  ALG_ID aiExch;
114  DWORD dwExchStrength;
115} SecPkgContext_ConnectionInfo,*PSecPkgContext_ConnectionInfo;
116
117typedef struct _SecPkgContext_EapKeyBlock {
118  BYTE rgbKeys[128];
119  BYTE rgbIVs[64];
120} SecPkgContext_EapKeyBlock,*PSecPkgContext_EapKeyBlock;
121
122typedef struct _SecPkgContext_MappedCredAttr {
123  DWORD dwAttribute;
124  PVOID pvBuffer;
125} SecPkgContext_MappedCredAttr,*PSecPkgContext_MappedCredAttr;
126
127#define SSL_SESSION_RECONNECT 1
128
129typedef struct _SecPkgContext_SessionInfo {
130  DWORD dwFlags;
131  DWORD cbSessionId;
132  BYTE rgbSessionId[32];
133} SecPkgContext_SessionInfo,*PSecPkgContext_SessionInfo;
134
135typedef struct _SecPkgContext_SessionAppData {
136  DWORD dwFlags;
137  DWORD cbAppData;
138  PBYTE pbAppData;
139} SecPkgContext_SessionAppData,*PSecPkgContext_SessionAppData;
140
141#define SCH_CRED_V1 0x00000001
142#define SCH_CRED_V2 0x00000002
143#define SCH_CRED_VERSION 0x00000002
144#define SCH_CRED_V3 0x00000003
145#define SCHANNEL_CRED_VERSION 0x00000004
146
147struct _HMAPPER;
148
149typedef struct _SCHANNEL_CRED {
150  DWORD dwVersion;
151  DWORD cCreds;
152  PCCERT_CONTEXT *paCred;
153  HCERTSTORE hRootStore;
154  DWORD cMappers;
155  struct _HMAPPER **aphMappers;
156  DWORD cSupportedAlgs;
157  ALG_ID *palgSupportedAlgs;
158  DWORD grbitEnabledProtocols;
159  DWORD dwMinimumCipherStrength;
160  DWORD dwMaximumCipherStrength;
161  DWORD dwSessionLifespan;
162  DWORD dwFlags;
163  DWORD dwCredFormat;
164} SCHANNEL_CRED,*PSCHANNEL_CRED;
165
166#define SCH_CRED_FORMAT_CERT_HASH 0x00000001
167
168#define SCH_CRED_MAX_SUPPORTED_ALGS 256
169#define SCH_CRED_MAX_SUPPORTED_CERTS 100
170
171typedef struct _SCHANNEL_CERT_HASH {
172  DWORD dwLength;
173  DWORD dwFlags;
174  HCRYPTPROV hProv;
175  BYTE ShaHash[20];
176} SCHANNEL_CERT_HASH,*PSCHANNEL_CERT_HASH;
177
178#define SCH_MACHINE_CERT_HASH 0x00000001
179
180#define SCH_CRED_NO_SYSTEM_MAPPER 0x00000002
181#define SCH_CRED_NO_SERVERNAME_CHECK 0x00000004
182#define SCH_CRED_MANUAL_CRED_VALIDATION 0x00000008
183#define SCH_CRED_NO_DEFAULT_CREDS 0x00000010
184#define SCH_CRED_AUTO_CRED_VALIDATION 0x00000020
185#define SCH_CRED_USE_DEFAULT_CREDS 0x00000040
186#define SCH_CRED_DISABLE_RECONNECTS 0x00000080
187
188#define SCH_CRED_REVOCATION_CHECK_END_CERT 0x00000100
189#define SCH_CRED_REVOCATION_CHECK_CHAIN 0x00000200
190#define SCH_CRED_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT 0x00000400
191#define SCH_CRED_IGNORE_NO_REVOCATION_CHECK 0x00000800
192#define SCH_CRED_IGNORE_REVOCATION_OFFLINE 0x00001000
193#define SCH_CRED_REVOCATION_CHECK_CACHE_ONLY 0x00004000
194
195#define SCH_CRED_CACHE_ONLY_URL_RETRIEVAL 0x00008000
196
197#define SCHANNEL_RENEGOTIATE 0
198#define SCHANNEL_SHUTDOWN 1
199#define SCHANNEL_ALERT 2
200#define SCHANNEL_SESSION 3
201
202typedef struct _SCHANNEL_ALERT_TOKEN {
203  DWORD dwTokenType;
204  DWORD dwAlertType;
205  DWORD dwAlertNumber;
206} SCHANNEL_ALERT_TOKEN;
207
208#define TLS1_ALERT_WARNING 1
209#define TLS1_ALERT_FATAL 2
210
211#define TLS1_ALERT_CLOSE_NOTIFY 0
212#define TLS1_ALERT_UNEXPECTED_MESSAGE 10
213#define TLS1_ALERT_BAD_RECORD_MAC 20
214#define TLS1_ALERT_DECRYPTION_FAILED 21
215#define TLS1_ALERT_RECORD_OVERFLOW 22
216#define TLS1_ALERT_DECOMPRESSION_FAIL 30
217#define TLS1_ALERT_HANDSHAKE_FAILURE 40
218#define TLS1_ALERT_BAD_CERTIFICATE 42
219#define TLS1_ALERT_UNSUPPORTED_CERT 43
220#define TLS1_ALERT_CERTIFICATE_REVOKED 44
221#define TLS1_ALERT_CERTIFICATE_EXPIRED 45
222#define TLS1_ALERT_CERTIFICATE_UNKNOWN 46
223#define TLS1_ALERT_ILLEGAL_PARAMETER 47
224#define TLS1_ALERT_UNKNOWN_CA 48
225#define TLS1_ALERT_ACCESS_DENIED 49
226#define TLS1_ALERT_DECODE_ERROR 50
227#define TLS1_ALERT_DECRYPT_ERROR 51
228#define TLS1_ALERT_EXPORT_RESTRICTION 60
229#define TLS1_ALERT_PROTOCOL_VERSION 70
230#define TLS1_ALERT_INSUFFIENT_SECURITY 71
231#define TLS1_ALERT_INTERNAL_ERROR 80
232#define TLS1_ALERT_USER_CANCELED 90
233#define TLS1_ALERT_NO_RENEGOTIATATION 100
234
235#define SSL_SESSION_ENABLE_RECONNECTS 1
236#define SSL_SESSION_DISABLE_RECONNECTS 2
237
238typedef struct _SCHANNEL_SESSION_TOKEN {
239  DWORD dwTokenType;
240  DWORD dwFlags;
241} SCHANNEL_SESSION_TOKEN;
242
243#define CERT_SCHANNEL_IIS_PRIVATE_KEY_PROP_ID (CERT_FIRST_USER_PROP_ID + 0)
244#define CERT_SCHANNEL_IIS_PASSWORD_PROP_ID (CERT_FIRST_USER_PROP_ID + 1)
245#define CERT_SCHANNEL_SGC_CERTIFICATE_PROP_ID (CERT_FIRST_USER_PROP_ID + 2)
246
247#define SP_PROT_PCT1_SERVER 0x00000001
248#define SP_PROT_PCT1_CLIENT 0x00000002
249#define SP_PROT_PCT1 (SP_PROT_PCT1_SERVER | SP_PROT_PCT1_CLIENT)
250
251#define SP_PROT_SSL2_SERVER 0x00000004
252#define SP_PROT_SSL2_CLIENT 0x00000008
253#define SP_PROT_SSL2 (SP_PROT_SSL2_SERVER | SP_PROT_SSL2_CLIENT)
254
255#define SP_PROT_SSL3_SERVER 0x00000010
256#define SP_PROT_SSL3_CLIENT 0x00000020
257#define SP_PROT_SSL3 (SP_PROT_SSL3_SERVER | SP_PROT_SSL3_CLIENT)
258
259#define SP_PROT_TLS1_SERVER 0x00000040
260#define SP_PROT_TLS1_CLIENT 0x00000080
261#define SP_PROT_TLS1 (SP_PROT_TLS1_SERVER | SP_PROT_TLS1_CLIENT)
262
263#define SP_PROT_SSL3TLS1_CLIENTS (SP_PROT_TLS1_CLIENT | SP_PROT_SSL3_CLIENT)
264#define SP_PROT_SSL3TLS1_SERVERS (SP_PROT_TLS1_SERVER | SP_PROT_SSL3_SERVER)
265#define SP_PROT_SSL3TLS1 (SP_PROT_SSL3 | SP_PROT_TLS1)
266
267#define SP_PROT_UNI_SERVER 0x40000000
268#define SP_PROT_UNI_CLIENT 0x80000000
269#define SP_PROT_UNI (SP_PROT_UNI_SERVER | SP_PROT_UNI_CLIENT)
270
271#define SP_PROT_ALL 0xffffffff
272#define SP_PROT_NONE 0
273#define SP_PROT_CLIENTS (SP_PROT_PCT1_CLIENT | SP_PROT_SSL2_CLIENT | SP_PROT_SSL3_CLIENT | SP_PROT_UNI_CLIENT | SP_PROT_TLS1_CLIENT)
274#define SP_PROT_SERVERS (SP_PROT_PCT1_SERVER | SP_PROT_SSL2_SERVER | SP_PROT_SSL3_SERVER | SP_PROT_UNI_SERVER | SP_PROT_TLS1_SERVER)
275
276typedef WINBOOL (*SSL_EMPTY_CACHE_FN_A)(LPSTR pszTargetName,DWORD dwFlags);
277
278WINBOOL SslEmptyCacheA(LPSTR pszTargetName,DWORD dwFlags);
279
280typedef WINBOOL (*SSL_EMPTY_CACHE_FN_W)(LPWSTR pszTargetName,DWORD dwFlags);
281
282WINBOOL SslEmptyCacheW(LPWSTR pszTargetName,DWORD dwFlags);
283
284#define SSL_EMPTY_CACHE_FN __MINGW_NAME_UAW(SSL_EMPTY_CACHE_FN)
285#define SslEmptyCache __MINGW_NAME_AW(SslEmptyCache)
286
287typedef struct _SSL_CREDENTIAL_CERTIFICATE {
288  DWORD cbPrivateKey;
289  PBYTE pPrivateKey;
290  DWORD cbCertificate;
291  PBYTE pCertificate;
292  PSTR pszPassword;
293} SSL_CREDENTIAL_CERTIFICATE,*PSSL_CREDENTIAL_CERTIFICATE;
294
295#define SCHANNEL_SECRET_TYPE_CAPI 0x00000001
296#define SCHANNEL_SECRET_PRIVKEY 0x00000002
297#define SCH_CRED_X509_CERTCHAIN 0x00000001
298#define SCH_CRED_X509_CAPI 0x00000002
299#define SCH_CRED_CERT_CONTEXT 0x00000003
300
301struct _HMAPPER;
302typedef struct _SCH_CRED {
303  DWORD dwVersion;
304  DWORD cCreds;
305  PVOID *paSecret;
306  PVOID *paPublic;
307  DWORD cMappers;
308  struct _HMAPPER **aphMappers;
309} SCH_CRED,*PSCH_CRED;
310
311typedef struct _SCH_CRED_SECRET_CAPI {
312  DWORD dwType;
313  HCRYPTPROV hProv;
314} SCH_CRED_SECRET_CAPI,*PSCH_CRED_SECRET_CAPI;
315
316typedef struct _SCH_CRED_SECRET_PRIVKEY {
317  DWORD dwType;
318  PBYTE pPrivateKey;
319  DWORD cbPrivateKey;
320  PSTR pszPassword;
321} SCH_CRED_SECRET_PRIVKEY,*PSCH_CRED_SECRET_PRIVKEY;
322
323typedef struct _SCH_CRED_PUBLIC_CERTCHAIN {
324  DWORD dwType;
325  DWORD cbCertChain;
326  PBYTE pCertChain;
327} SCH_CRED_PUBLIC_CERTCHAIN,*PSCH_CRED_PUBLIC_CERTCHAIN;
328
329typedef struct _SCH_CRED_PUBLIC_CAPI {
330  DWORD dwType;
331  HCRYPTPROV hProv;
332} SCH_CRED_PUBLIC_CAPI,*PSCH_CRED_PUBLIC_CAPI;
333
334typedef struct _PctPublicKey {
335  DWORD Type;
336  DWORD cbKey;
337  UCHAR pKey[1];
338} PctPublicKey;
339
340typedef struct _X509Certificate {
341  DWORD Version;
342  DWORD SerialNumber[4];
343  ALG_ID SignatureAlgorithm;
344  FILETIME ValidFrom;
345  FILETIME ValidUntil;
346  PSTR pszIssuer;
347  PSTR pszSubject;
348  PctPublicKey *pPublicKey;
349} X509Certificate,*PX509Certificate;
350
351WINBOOL SslGenerateKeyPair(PSSL_CREDENTIAL_CERTIFICATE pCerts,PSTR pszDN,PSTR pszPassword,DWORD Bits);
352VOID SslGenerateRandomBits(PUCHAR pRandomData,LONG cRandomData);
353WINBOOL SslCrackCertificate(PUCHAR pbCertificate,DWORD cbCertificate,DWORD dwFlags,PX509Certificate *ppCertificate);
354VOID SslFreeCertificate(PX509Certificate pCertificate);
355DWORD WINAPI SslGetMaximumKeySize(DWORD Reserved);
356WINBOOL SslGetDefaultIssuers(PBYTE pbIssuers,DWORD *pcbIssuers);
357
358#define SSL_CRACK_CERTIFICATE_NAME TEXT("SslCrackCertificate")
359#define SSL_FREE_CERTIFICATE_NAME TEXT("SslFreeCertificate")
360
361typedef WINBOOL (WINAPI *SSL_CRACK_CERTIFICATE_FN)(PUCHAR pbCertificate,DWORD cbCertificate,WINBOOL VerifySignature,PX509Certificate *ppCertificate);
362typedef VOID (WINAPI *SSL_FREE_CERTIFICATE_FN)(PX509Certificate pCertificate);
363
364#if (_WIN32_WINNT >= 0x0600)
365typedef struct _SecPkgContext_EapPrfInfo {
366  DWORD dwVersion;
367  DWORD cbPrfData;
368} SecPkgContext_EapPrfInfo, *PSecPkgContext_EapPrfInfo;
369#endif /*(_WIN32_WINNT >= 0x0600)*/
370#if (_WIN32_WINNT >= 0x0601)
371typedef struct _SecPkgContext_SupportedSignatures {
372  WORD cSignatureAndHashAlgorithms;
373  WORD *pSignatureAndHashAlgorithms;
374} SecPkgContext_SupportedSignatures, *PSecPkgContext_SupportedSignatures;
375#endif /*(_WIN32_WINNT >= 0x0601)*/
376#endif
377